Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: trying to remove Click.giftload

  1. #11
    Junior Member
    Join Date
    Mar 2011
    Posts
    12

    Default

    ESET results:

    C:\Qoobox\Quarantine\C\Users\Jackie\AppData\Roaming\C4A124040BAAEE456847DD5207E2838A\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Qoobox\Quarantine\C\Users\Jackie\AppData\Roaming\C4A124040BAAEE456847DD5207E2838A\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Users\Jackie\AppData\Local\ebekoril.dll_old a variant of Win32/Kryptik.KNA trojan


    New DDS log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Jackie at 18:34:38.85 on Sat 04/02/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.293 [GMT -5:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\AsScrPro.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\explorer.exe
    C:\Program Files\Asus\Eee Docking\Eee Docking.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Jackie\Downloads\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
    mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
    mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
    mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
    mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\users\jackie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jackie\appdata\roaming\mozilla\firefox\profiles\k4zwr124.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google Powered Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jackie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\jackie\appdata\roaming\mozilla\firefox\profiles\k4zwr124.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys [2011-3-25 340016]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys [2011-3-25 652336]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-11-10 11448]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110330.001\IDSvix86.sys [2011-3-31 353912]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys [2011-3-25 136312]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1205000.07d\symnets.sys [2011-3-25 295032]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccSvcHst.exe [2011-3-25 130000]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-22 1153368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-26 102448]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
    S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-11-10 219136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    .
    =============== Created Last 30 ================
    .
    2011-04-02 02:17:56 -------- d-----w- c:\program files\ESET
    2011-04-02 02:00:45 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-02 02:00:33 -------- d-----w- c:\users\jackie\appdata\local\temp
    2011-03-31 22:17:47 98816 ----a-w- c:\windows\sed.exe
    2011-03-31 22:17:47 89088 ----a-w- c:\windows\MBR.exe
    2011-03-31 22:17:47 256512 ----a-w- c:\windows\PEV.exe
    2011-03-31 22:17:47 161792 ----a-w- c:\windows\SWREG.exe
    2011-03-28 22:48:41 -------- d-----w- c:\users\jackie\appdata\local\CrashDumps
    2011-03-27 12:10:08 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-03-26 01:05:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-26 01:05:47 -------- d-----w- c:\program files\Symantec
    2011-03-26 01:05:47 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-03-26 01:05:36 652336 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys
    2011-03-26 01:05:36 509560 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
    2011-03-26 01:05:36 50168 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
    2011-03-26 01:05:36 340016 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys
    2011-03-26 01:05:36 295032 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
    2011-03-26 01:05:36 136312 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys
    2011-03-26 01:05:23 -------- d-----w- c:\windows\system32\drivers\nav\1205000.07D
    2011-03-26 01:05:23 -------- d-----w- c:\windows\system32\drivers\NAV
    2011-03-26 01:05:22 -------- d-----w- c:\program files\Norton AntiVirus
    2011-03-26 01:01:38 -------- d-----w- c:\program files\NortonInstaller
    2011-03-26 01:01:38 -------- d-----w- c:\progra~2\NortonInstaller
    2011-03-26 00:45:54 -------- d-----w- c:\progra~2\Norton
    2011-03-23 01:55:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-23 01:55:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-03-10 02:40:43 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-10 02:40:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-10 02:40:42 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-10 02:40:41 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 02:40:40 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-10 02:40:40 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-10 02:40:40 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-10 02:40:37 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-10 02:40:36 1034240 ----a-w- c:\windows\system32\mstsc.exe
    .
    ==================== Find3M ====================
    .
    2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 18:36:37.04 ===============




    ComboFix Log and Attach file are attached in zipped folder.

    The system is running better, but not back to normal. I haven't noticed the browser hijacker popping up any new windows/tabs lately, but the system is still very slow to wake up from hibernation (sometimes not at all). I have been hesitant to use the system for too much due to the possibility of trackers and such. There is definite improvement!

  2. #12
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Delete C:\Users\Jackie\AppData\Local\ebekoril.dll_old file.

    Did you have Norton installed when the system worked faster? Norton isn't the lightest antivirus solution available.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Mar 2011
    Posts
    12

    Default

    No I did not have Norton when it was faster. Since yesterday it seems to have improved a little more (running at a tolerable speed). Are there parts of Norton that are not as necessary to have on all the time? I am not familiar with some of the newer features (i.e. Insight Protection) and perhaps they slow it down without providing a significant benefit.

    Based on the reports/logs I've posted, would you say the main threat has been removed? I'm fairly comfortable with the performance of the system provided I'm not at risk for the browser hijacker or trackers. Let me know what you think.

    I really appreciate the help and advice!!

  4. #14
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    I don't use Norton myself so unfortunately can't provide support regarding its modules. Anyway, I'll provide links to a few other antivirus programs in case you want to try one of those instead. Logs looked ok.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

    A To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

    C Turn ON System Restore.
    Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.



    Now lets uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
    • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
      Antivir
      Avast!
      Good commercial ones are from:
      Kaspersky and
      ESET



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #15
    Junior Member
    Join Date
    Mar 2011
    Posts
    12

    Default

    I downloaded Secunia and fixed the problems. I updated IE - most of those security settings were already set as you suggested. I have been having trouble updating Windows. Most updates installed fine, with the exception of Service Pack 1 for Windows 7. I visited the Windows site for advice and did as instructed, but nothing seems to work. During this process, I ran Spybot S&D as they suggested one possibility for being unable to install the SP1 was possible malware. Spybot S&D found Click.giftload again. This time it appears to have resolved the issue as on a second pass, the problem wasn't found; however, the SP1 still does not install. Once downloaded, it initializes installation by creating a restore point. I don't know if the restore point creation is successful as the error comes up either during or directly after this point. The error code is FFFFFFFE - an "unknown" error. Any other advice on getting SP1 to install?

    Thanks!!

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    I visited the Windows site for advice and did as instructed
    Do you have a link to that topic?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #17

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please re-run TDSSKiller like you did before and post back its log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #19
    Junior Member
    Join Date
    Mar 2011
    Posts
    12

    Default

    2011/04/07 17:09:50.0356 4724 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/07 17:09:50.0512 4724 ================================================================================
    2011/04/07 17:09:50.0512 4724 SystemInfo:
    2011/04/07 17:09:50.0512 4724
    2011/04/07 17:09:50.0512 4724 OS Version: 6.1.7600 ServicePack: 0.0
    2011/04/07 17:09:50.0512 4724 Product type: Workstation
    2011/04/07 17:09:50.0512 4724 ComputerName: JACKIE-NETBOOK
    2011/04/07 17:09:50.0512 4724 UserName: Jackie
    2011/04/07 17:09:50.0512 4724 Windows directory: C:\windows
    2011/04/07 17:09:50.0512 4724 System windows directory: C:\windows
    2011/04/07 17:09:50.0512 4724 Processor architecture: Intel x86
    2011/04/07 17:09:50.0512 4724 Number of processors: 2
    2011/04/07 17:09:50.0512 4724 Page size: 0x1000
    2011/04/07 17:09:50.0512 4724 Boot type: Normal boot
    2011/04/07 17:09:50.0512 4724 ================================================================================
    2011/04/07 17:09:51.0448 4724 Initialize success
    2011/04/07 17:09:56.0518 1944 ================================================================================
    2011/04/07 17:09:56.0518 1944 Scan started
    2011/04/07 17:09:56.0518 1944 Mode: Manual;
    2011/04/07 17:09:56.0518 1944 ================================================================================
    2011/04/07 17:09:58.0312 1944 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
    2011/04/07 17:09:58.0390 1944 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
    2011/04/07 17:09:58.0483 1944 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
    2011/04/07 17:09:58.0577 1944 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    2011/04/07 17:09:58.0733 1944 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    2011/04/07 17:09:58.0889 1944 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    2011/04/07 17:09:58.0998 1944 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
    2011/04/07 17:09:59.0092 1944 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
    2011/04/07 17:09:59.0201 1944 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    2011/04/07 17:09:59.0357 1944 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
    2011/04/07 17:09:59.0482 1944 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
    2011/04/07 17:09:59.0544 1944 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
    2011/04/07 17:09:59.0653 1944 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    2011/04/07 17:09:59.0731 1944 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    2011/04/07 17:09:59.0778 1944 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
    2011/04/07 17:09:59.0950 1944 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    2011/04/07 17:10:00.0012 1944 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
    2011/04/07 17:10:00.0059 1944 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
    2011/04/07 17:10:00.0293 1944 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    2011/04/07 17:10:00.0433 1944 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    2011/04/07 17:10:00.0511 1944 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
    2011/04/07 17:10:00.0652 1944 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    2011/04/07 17:10:00.0730 1944 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
    2011/04/07 17:10:00.0901 1944 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
    2011/04/07 17:10:01.0120 1944 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    2011/04/07 17:10:01.0322 1944 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
    2011/04/07 17:10:01.0478 1944 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    2011/04/07 17:10:01.0712 1944 BHDrvx86 (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
    2011/04/07 17:10:01.0900 1944 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    2011/04/07 17:10:02.0087 1944 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
    2011/04/07 17:10:02.0180 1944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    2011/04/07 17:10:02.0243 1944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    2011/04/07 17:10:02.0305 1944 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    2011/04/07 17:10:02.0461 1944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    2011/04/07 17:10:02.0508 1944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    2011/04/07 17:10:02.0555 1944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    2011/04/07 17:10:02.0617 1944 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
    2011/04/07 17:10:02.0664 1944 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    2011/04/07 17:10:02.0726 1944 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
    2011/04/07 17:10:02.0836 1944 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
    2011/04/07 17:10:03.0007 1944 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
    2011/04/07 17:10:03.0054 1944 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
    2011/04/07 17:10:03.0584 1944 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    2011/04/07 17:10:03.0662 1944 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
    2011/04/07 17:10:03.0818 1944 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    2011/04/07 17:10:03.0896 1944 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    2011/04/07 17:10:04.0021 1944 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    2011/04/07 17:10:04.0084 1944 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
    2011/04/07 17:10:04.0302 1944 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    2011/04/07 17:10:04.0614 1944 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    2011/04/07 17:10:04.0692 1944 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
    2011/04/07 17:10:04.0801 1944 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    2011/04/07 17:10:04.0973 1944 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
    2011/04/07 17:10:05.0098 1944 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
    2011/04/07 17:10:05.0238 1944 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    2011/04/07 17:10:05.0394 1944 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    2011/04/07 17:10:05.0503 1944 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    2011/04/07 17:10:05.0597 1944 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
    2011/04/07 17:10:05.0862 1944 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    2011/04/07 17:10:06.0034 1944 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/04/07 17:10:06.0190 1944 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    2011/04/07 17:10:06.0330 1944 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/04/07 17:10:06.0470 1944 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
    2011/04/07 17:10:06.0673 1944 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    2011/04/07 17:10:06.0798 1944 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    2011/04/07 17:10:06.0938 1944 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    2011/04/07 17:10:07.0032 1944 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    2011/04/07 17:10:07.0079 1944 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    2011/04/07 17:10:07.0126 1944 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    2011/04/07 17:10:07.0188 1944 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    2011/04/07 17:10:07.0282 1944 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    2011/04/07 17:10:07.0360 1944 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
    2011/04/07 17:10:07.0469 1944 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    2011/04/07 17:10:07.0547 1944 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
    2011/04/07 17:10:07.0656 1944 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    2011/04/07 17:10:07.0718 1944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/07 17:10:07.0828 1944 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    2011/04/07 17:10:07.0921 1944 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
    2011/04/07 17:10:08.0015 1944 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
    2011/04/07 17:10:08.0077 1944 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    2011/04/07 17:10:08.0140 1944 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    2011/04/07 17:10:08.0218 1944 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    2011/04/07 17:10:08.0280 1944 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
    2011/04/07 17:10:08.0389 1944 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
    2011/04/07 17:10:08.0498 1944 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
    2011/04/07 17:10:08.0561 1944 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
    2011/04/07 17:10:08.0670 1944 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
    2011/04/07 17:10:08.0842 1944 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
    2011/04/07 17:10:08.0935 1944 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
    2011/04/07 17:10:09.0169 1944 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110406.001\IDSvix86.sys
    2011/04/07 17:10:09.0466 1944 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys
    2011/04/07 17:10:09.0746 1944 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
    2011/04/07 17:10:09.0996 1944 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
    2011/04/07 17:10:10.0152 1944 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
    2011/04/07 17:10:10.0292 1944 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
    2011/04/07 17:10:10.0355 1944 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/07 17:10:10.0495 1944 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
    2011/04/07 17:10:10.0542 1944 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
    2011/04/07 17:10:10.0714 1944 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
    2011/04/07 17:10:10.0760 1944 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
    2011/04/07 17:10:10.0823 1944 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
    2011/04/07 17:10:10.0932 1944 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
    2011/04/07 17:10:11.0010 1944 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
    2011/04/07 17:10:11.0057 1944 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
    2011/04/07 17:10:11.0119 1944 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
    2011/04/07 17:10:11.0197 1944 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
    2011/04/07 17:10:11.0338 1944 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
    2011/04/07 17:10:11.0447 1944 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
    2011/04/07 17:10:11.0556 1944 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
    2011/04/07 17:10:11.0603 1944 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
    2011/04/07 17:10:11.0650 1944 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
    2011/04/07 17:10:11.0712 1944 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
    2011/04/07 17:10:11.0774 1944 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
    2011/04/07 17:10:11.0915 1944 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    2011/04/07 17:10:12.0008 1944 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    2011/04/07 17:10:12.0164 1944 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    2011/04/07 17:10:12.0242 1944 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    2011/04/07 17:10:12.0320 1944 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    2011/04/07 17:10:12.0398 1944 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    2011/04/07 17:10:12.0461 1944 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    2011/04/07 17:10:12.0523 1944 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    2011/04/07 17:10:12.0601 1944 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    2011/04/07 17:10:12.0679 1944 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    2011/04/07 17:10:12.0788 1944 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
    2011/04/07 17:10:12.0835 1944 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/07 17:10:12.0913 1944 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/07 17:10:12.0976 1944 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    2011/04/07 17:10:13.0022 1944 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    2011/04/07 17:10:13.0116 1944 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    2011/04/07 17:10:13.0163 1944 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    2011/04/07 17:10:13.0210 1944 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    2011/04/07 17:10:13.0303 1944 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    2011/04/07 17:10:13.0334 1944 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    2011/04/07 17:10:13.0381 1944 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    2011/04/07 17:10:13.0444 1944 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    2011/04/07 17:10:13.0522 1944 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    2011/04/07 17:10:13.0584 1944 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    2011/04/07 17:10:13.0631 1944 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    2011/04/07 17:10:13.0678 1944 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    2011/04/07 17:10:13.0787 1944 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    2011/04/07 17:10:13.0990 1944 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110406.038\NAVENG.SYS
    2011/04/07 17:10:14.0224 1944 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110406.038\NAVEX15.SYS
    2011/04/07 17:10:14.0442 1944 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    2011/04/07 17:10:14.0536 1944 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    2011/04/07 17:10:14.0614 1944 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    2011/04/07 17:10:14.0754 1944 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    2011/04/07 17:10:14.0816 1944 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    2011/04/07 17:10:14.0863 1944 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    2011/04/07 17:10:14.0926 1944 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    2011/04/07 17:10:14.0972 1944 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    2011/04/07 17:10:15.0113 1944 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    2011/04/07 17:10:15.0191 1944 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    2011/04/07 17:10:15.0269 1944 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    2011/04/07 17:10:15.0362 1944 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
    2011/04/07 17:10:15.0456 1944 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    2011/04/07 17:10:15.0503 1944 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
    2011/04/07 17:10:15.0565 1944 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
    2011/04/07 17:10:15.0628 1944 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    2011/04/07 17:10:15.0706 1944 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
    2011/04/07 17:10:15.0893 1944 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    2011/04/07 17:10:15.0971 1944 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
    2011/04/07 17:10:16.0018 1944 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    2011/04/07 17:10:16.0142 1944 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
    2011/04/07 17:10:16.0189 1944 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
    2011/04/07 17:10:16.0267 1944 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    2011/04/07 17:10:16.0330 1944 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    2011/04/07 17:10:16.0392 1944 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    2011/04/07 17:10:16.0673 1944 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    2011/04/07 17:10:16.0766 1944 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    2011/04/07 17:10:16.0922 1944 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    2011/04/07 17:10:17.0000 1944 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\windows\system32\DRIVERS\psi_mf.sys
    2011/04/07 17:10:17.0094 1944 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    2011/04/07 17:10:17.0188 1944 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    2011/04/07 17:10:17.0250 1944 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    2011/04/07 17:10:17.0312 1944 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    2011/04/07 17:10:17.0375 1944 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    2011/04/07 17:10:17.0453 1944 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    2011/04/07 17:10:17.0515 1944 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    2011/04/07 17:10:17.0609 1944 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    2011/04/07 17:10:17.0671 1944 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    2011/04/07 17:10:17.0734 1944 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    2011/04/07 17:10:17.0780 1944 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    2011/04/07 17:10:17.0858 1944 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    2011/04/07 17:10:17.0905 1944 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    2011/04/07 17:10:17.0968 1944 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    2011/04/07 17:10:18.0108 1944 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    2011/04/07 17:10:18.0202 1944 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    2011/04/07 17:10:18.0342 1944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2011/04/07 17:10:18.0436 1944 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    2011/04/07 17:10:18.0529 1944 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    2011/04/07 17:10:18.0654 1944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2011/04/07 17:10:18.0794 1944 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2011/04/07 17:10:18.0841 1944 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2011/04/07 17:10:18.0919 1944 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2011/04/07 17:10:19.0028 1944 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
    2011/04/07 17:10:19.0091 1944 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
    2011/04/07 17:10:19.0247 1944 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys
    2011/04/07 17:10:19.0340 1944 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    2011/04/07 17:10:19.0496 1944 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
    2011/04/07 17:10:19.0559 1944 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/07 17:10:19.0621 1944 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    2011/04/07 17:10:19.0746 1944 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    2011/04/07 17:10:19.0855 1944 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    2011/04/07 17:10:20.0074 1944 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\windows\system32\drivers\NAV\1205000.07D\SRTSP.SYS
    2011/04/07 17:10:20.0292 1944 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS
    2011/04/07 17:10:20.0370 1944 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
    2011/04/07 17:10:20.0448 1944 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
    2011/04/07 17:10:20.0510 1944 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
    2011/04/07 17:10:20.0620 1944 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    2011/04/07 17:10:20.0776 1944 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
    2011/04/07 17:10:20.0885 1944 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS
    2011/04/07 17:10:21.0072 1944 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS
    2011/04/07 17:10:21.0228 1944 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\windows\system32\Drivers\SYMEVENT.SYS
    2011/04/07 17:10:21.0306 1944 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS
    2011/04/07 17:10:21.0400 1944 SymNetS (d4636a051890a92d1c8c2d9e7a5c8381) C:\windows\system32\drivers\NAV\1205000.07D\SYMNETS.SYS
    2011/04/07 17:10:21.0540 1944 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
    2011/04/07 17:10:21.0790 1944 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
    2011/04/07 17:10:21.0992 1944 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
    2011/04/07 17:10:22.0102 1944 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
    2011/04/07 17:10:22.0164 1944 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
    2011/04/07 17:10:22.0211 1944 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
    2011/04/07 17:10:22.0273 1944 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
    2011/04/07 17:10:22.0351 1944 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
    2011/04/07 17:10:22.0616 1944 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
    2011/04/07 17:10:22.0694 1944 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
    2011/04/07 17:10:22.0772 1944 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    2011/04/07 17:10:22.0975 1944 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
    2011/04/07 17:10:23.0209 1944 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
    2011/04/07 17:10:23.0303 1944 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
    2011/04/07 17:10:23.0396 1944 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    2011/04/07 17:10:23.0459 1944 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
    2011/04/07 17:10:23.0521 1944 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
    2011/04/07 17:10:23.0584 1944 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
    2011/04/07 17:10:23.0646 1944 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
    2011/04/07 17:10:23.0693 1944 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    2011/04/07 17:10:23.0755 1944 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    2011/04/07 17:10:23.0818 1944 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/07 17:10:23.0864 1944 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
    2011/04/07 17:10:23.0927 1944 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
    2011/04/07 17:10:24.0036 1944 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
    2011/04/07 17:10:24.0098 1944 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    2011/04/07 17:10:24.0161 1944 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    2011/04/07 17:10:24.0223 1944 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
    2011/04/07 17:10:24.0286 1944 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
    2011/04/07 17:10:24.0332 1944 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    2011/04/07 17:10:24.0395 1944 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
    2011/04/07 17:10:24.0457 1944 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
    2011/04/07 17:10:24.0520 1944 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    2011/04/07 17:10:24.0582 1944 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
    2011/04/07 17:10:24.0644 1944 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    2011/04/07 17:10:24.0707 1944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    2011/04/07 17:10:24.0832 1944 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    2011/04/07 17:10:24.0941 1944 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    2011/04/07 17:10:25.0003 1944 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2011/04/07 17:10:25.0066 1944 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2011/04/07 17:10:25.0253 1944 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    2011/04/07 17:10:25.0331 1944 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    2011/04/07 17:10:25.0549 1944 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    2011/04/07 17:10:25.0612 1944 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    2011/04/07 17:10:25.0846 1944 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
    2011/04/07 17:10:26.0064 1944 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    2011/04/07 17:10:26.0204 1944 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
    2011/04/07 17:10:26.0314 1944 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
    2011/04/07 17:10:26.0454 1944 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/07 17:10:26.0470 1944 ================================================================================
    2011/04/07 17:10:26.0470 1944 Scan finished
    2011/04/07 17:10:26.0470 1944 ================================================================================
    2011/04/07 17:10:26.0501 1896 Detected object count: 1
    2011/04/07 17:10:54.0659 1896 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/07 17:10:54.0659 1896 \HardDisk0 - ok
    2011/04/07 17:10:54.0659 1896 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/07 17:10:58.0933 4756 Deinitialize success

  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Please see if you're able to install service pack 1 now.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •